compliance-trestle icon indicating copy to clipboard operation
compliance-trestle copied to clipboard

Published 20 hours ago verified publisher icon oscal-compass

OCP4 Demo for Kubecon

Open vikas-agarwal76 opened this issue 2 years ago • 4 comments

Issue description / feature objectives

Need to create a demo for showing agile authoring of OCP4 catalogs, profiles, CD, and SSP

Caveats / Assumptions

Completion Criteria

Create following repos in compliance-trestle-testing with "Public" visibility.

  • ocp4-catalogs
  • ocp4-profiles
  • ocp4-cd
  • ocp4-ssp

Inititalize trestle in each repo, copy the directory structure from test-profile and the related automation (with main, dev branch, automation, release, etc.).

  1. Setup of ocp4-catalogs repo Use the instructions in https://ibm.github.io/compliance-trestle/tutorials/task.ocp4-cis-profile-to-oscal-catalog/transformation/ to setup conversion from text file to OSCAL catalog JSON. Rest of the automation from OSCAL to Markdown and back, semantic versioning, approval, etc. should be similar to that in test-profiles repo.
    Add Anca to the list of approvers in CODEOWNERS file. Setup push to profile repo in case of updates to the catalog.

Detailed setup for other repos will be added later.

vikas-agarwal76 avatar Sep 14 '22 06:09 vikas-agarwal76

Setup of ocp4-profiles repo

The initial profile will be in OSCAL json. There will be no script to convert any xslx/text files to OSCAL json. The initial profile is - roks-ocp4-tailored.json.txt

profile name should be "roks-ocp4-tailored". Rest of the automation from OSCAL to Markdown and back, semantic versioning, approval, etc. should be similar to that in test-profiles repo. Add Anca to the list of approvers in CODEOWNERS file.

vikas-agarwal76 avatar Sep 15 '22 13:09 vikas-agarwal76

Setup of ocp4-cd repo

The initial CD will be in CSV format. Use CSV to OSCAL CD task (from Lou) to convert CSV to OSCAL json. The sample CD csv fie is - ocp4-cd.csv

CD name should be "ocp4-cis-node". Rest of the automation from OSCAL to Markdown and back, semantic versioning, approval, etc. should be similar to that in test-profiles repo. Add Anca to the list of approvers in CODEOWNERS file.

vikas-agarwal76 avatar Sep 19 '22 10:09 vikas-agarwal76

@vikas-agarwal76 I was not able to find task to convert csv to OSCAL. Currently, we have xlsx to OSCAL CD task and CIS profile to OSCAL CD

Did you mean xlsx to OSCAL conversion or is there a new script somewhere?

enikonovad avatar Oct 06 '22 02:10 enikonovad

@enikonovad

Setup of ocp4-ssp repo

copy the content from ocp4-cd repo and create folders for ssp. SSP name should ocp4-ssp.

Disable the automation for now (travis.yaml file). Will manually create an SSP for demo purposes as SSP commands need to be updated to use component defs.

setup SSP update.sh in cp4-cd repo to push the contents here in case of CD updates.

vikas-agarwal76 avatar Oct 14 '22 04:10 vikas-agarwal76

See initialized: https://github.com/ComplianceAsCode/kube-oscal-cd https://github.com/ComplianceAsCode/kube-oscal-catalog

Set not initialized: https://github.com/ComplianceAsCode/kube-oscal-ssp https://github.com/ComplianceAsCode/kube-oscal-profile

degenaro avatar May 06 '24 18:05 degenaro